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DETAILED ACTION 

1. Claims 1-32 have been examined. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claims 10-32 are rejected under 35 U.S.C. 101 

Regarding claims 10 and 12-29, the claims are not limited to tangible 
embodiments. In view of applicant's disclose, specification page 7, line 12 - page 8, line 

4. the medium is not limited to tangible embodiments, instead being defined as including 
both tangible embodiments (e.g., RAM, ROM, CD-ROM) and intangible embodiments 
(e.g., wired/wireless networks). As such, the claims are not limited to statutory subject 
matter and are therefore non-statutory. 

Regarding claim 1 1, it claims a modulated data signal carrying computer 
executable instructions. The claim is not tangibly embodied and is therefore non- 
statutory. 

Regarding claims 30-32, the claims are rejected because: 

■ they claim a data structure; however, no functional description language is 
part of the data structure in the claims. Therefore, the claimed subject matter is 
nonfunctional descriptive material and is non-statutory. 

■ the claims are not limited to tangible embodiments. In view of applicant's 
disclose, specification page 7, line 12 - page 8, line 4, the medium is not limited 
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to tangible embodiments, instead being defined as including both tangible 
embodiments (e.g., RAM, ROM, CD-ROM) and intangible embodiments (e.g., 
wired/wireless networks). As such, the claims are not limited to statutory subject 
matter and are therefore non-statutory. 



Claim Rejections - 35 USC §112 

4. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

5. Claims 28-29 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. Claims 28-29 recite the limitation "said dynamic 
access element" in line 3. There is insufficient antecedent basis for this limitation in the 
claims. For examination purpose, the limitation is interpreted as "a dynamic access 
element". 



Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

7. Claims 1-32 are rejected under 35 U.S.C. 102(e) as being anticipated by Swift 
(6,308,274). 

The applied reference has a common assignee with the instant application. 
Based upon the earlier effective U.S. filing date of the reference, it constitutes prior art 
under 35 U.S.C. 102(e). This rejection under 35 U.S.C. 102(e) might be overcome 
either by a showing under 37 CFR 1 .132 that any invention disclosed but not claimed in 
the reference was derived from the inventor of this application and is thus not the 
invention "by another," or by an appropriate showing under 37 CFR 1 .131 . 

Regarding claims 1, 3-4, 10-15 and 22, Swift discloses a method for dynamically 
managing access to a resource in a computer system having a client making a request 
for the resource, the method comprising: 

computing a client authorization context after the request for the resource 
is received from the client (col. 4, lines 46-55); 

determining, via an application programming interface, based upon 
dynamic data and first dynamic policy whether the client authorization context is to be 
updated, wherein said first dynamic policy is tailored to an application through which the 
resource is accessed (col. 6, line 5 - col. 7, line 35); 

updating the client authorization context according to said determination 
(col. 6, line 5 - col. 7, line 35); 
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comparing the client authorization context to at least one access control 
entry of an access control list (col. 7, lines 51-61 ); 

identifying an access control entry as an access control entry of type allow 
and when the allow access control entry applies in access evaluation, dynamic access 
check using dynamic data is automatically invoked (col. 5, lines 2-1 1 ; col. 7, lines 51 -61 ; 
col. 1 1 , lines 21 -65), the allow access control entry being functionally equivalent to a 
callback access control entry; and 

in response to identifying the access control entry as a callback access 
control entry, evaluating, via said application programming interface, based upon the 
dynamic data and the second dynamic policy whether said allow access control entry 
bears on said access request, wherein said second dynamic policy is tailored to said 
application (col. 5, lines 2-11; col. 7, lines 51-61; col. 11, lines 21-65). 

Regarding claim 2, Swift further discloses that the first dynamic policy defines 
flexible rules for determining the client authorization context (col. 6, lines 5-27; col. 12, 
lines) and wherein said second dynamic policy defines flexible rules for purposes of 
determining access privileges (col. 7, lines 51-61 ; col. 1 1 , lines 21-65). 

Regarding claims 5, 16 and 23, Swift further discloses that the evaluating based 
upon dynamic data includes invoking an application-defined dynamic access check 
routine that performs based in part upon dynamic data such as a Boolean expression in 
the access control list, the Boolean expression indicating a condition for granting access 
to the resource (col. 1 1 , lines 21-65; col. 12, lines 46-67). Since access is evaluated 
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using data in each access control entry, inherently, the Boolean expression is part of the 
callback access control entry. 

Regarding claims 6, 17 and 24, Swift further discloses that the access check 
routine is invoked automatically when there is a match between an identifier in the client 
authorization context and an identifier in the callback access control entry (col. 7, lines 
51-61; col. 11, lines 21 -65). 

Regarding claims 7 and 18, Swift further discloses registering with the operating 
system, which is the resource manager of the computer system, an application-defined 
routine for determining dynamic groups (col. 6, lines 38-47; col. 12, lines 36-67). 

Regarding claims 8 and 19, Swift further discloses an application-defined routine 
for determining dynamic access checks is performed by the security mechanism in the 
kernel (col. 1 1 , lines 10-20). Inherently, the routine is registered with the operating 
system, which is the resource manager of the computer system. 

Regarding claims 9, 21 and 25, Swift further discloses that the evaluating based 
upon dynamic data and second dynamic policy supplements a determination of access 
rights based upon static data and policy (col. 11, lines 38-56). 

Regarding claim 20, Swift further discloses comparing data to a client 
authorization context determined based upon static data and policy before determining 
whether the client authorization context is to be updated (col. 7, lines 5-22; col. 8, lines 
8-17). 

Regarding claim 26, Swift discloses for an application in a computer system 
having a resource manager that manages and controls access to a resource, carrying 
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out a dynamic authorization callback mechanism that provides extensible support for 
application-defined business rules via a set of APIs and DACLS including a dynamic 
groups element, which enables an application to assign temporary group membership, 
based on dynamic factors, to a client for the purpose of checking access rights (col. 5, 
lines 2-28; col. 6, lines 15-27; col. 7, lines 5-22; col. 8, lines 30-60; col. 11, lines 10-56). 

Regarding claim 27, Swift further discloses a dynamic access check element, 
which enables an application to perform dynamic access checks, via DACLS and APIs, 
said dynamic access checks being customized to the application (col. 13, lines 20-56). 

Regarding claim 28, Swift further discloses that the dynamic groups element and 
a dynamic access element are performed at the operating system level (col. 13, lines 
20-56). Inherently the elements are registered with the operating system which is the 
resource manager of the computer system. 

Regarding claim 29, Swift further discloses that the dynamic groups element and 
a dynamic access element utilize dynamic data related to client operation (col. 12, lines 
46-59; col. 13, lines 20-43). 

Regarding claim 30, Swift discloses a data structure stored on a computer 
storage medium for use in connection with dynamic access check determinations for an 
application in a computer system, the data structure comprising: an identifier identifying 
the data structure as an allow access control entry (col. 5, lines 2-11). Swift discloses 
that when a deny access control entry applies, no further testing is necessary but when 
an allow access control entry applies, dynamic access check using dynamic data is 
automatically invoked (col. 5, lines 2-11; col. 7, lines 51-61; col. 11, lines 21-65); 
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therefore, the allow access control entry meets the limitation of a callback access 
control entry. 

Swift discloses storing in an access control list dynamic authorization policy data 
in a format tailored to the application (col. 11, lines 47-56; col. 12, lines 36-67). Since 
the dynamic authorization policy data indicates an allowable condition, inherently, it is 
part of the allow access control entry. 

Regarding claim 31 , Swift further discloses that the data structure comprises a 
security identifier (fig. 5, element 80; col. 5, lines 2-11). 

Regarding claim 32, Swift further discloses that the data structure comprises a 
list of access permissions (fig. 5, element 80; col. 5, lines 2-11). 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U.S. Patent No. 5,321 ,841 to East et al. 

U.S. Patent No. 6,366,913 to Fitler, Jr. et al. 

U.S. Patent No. 6,412,070 to Van Dyke et al. 

U.S. Patent No. 6,591 ,265 to Erickson et al. 

U.S. Patent No. 6,754,892 to Butt et al. 

U.S. Patent Application Publication No. 2002/0010768 to Marks et al. 
Thomas, R. K. et al, Task-based Authorization Controls (TBAC): A Family of 
Models for Active and Enterprise-oriented Authorization Management 
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Any inquiry concerning "this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 571-272-3802. 
The examiner can normally be reached on Mon-Fri: 10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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